Medical Data Becoming Valuable To Hackers
The personal information stored in health care records fetches increasingly impressive sums on underground markets, making any company that stores such data a very attractive target for attackers.
“Hackers will go after anyone with health care information,” said John Pescatore, director of emerging security trends at the SANS Institute, adding that in recent years hackers have increasingly set their sights on EHRs (electronic health records).
With medical data, “there’s a bunch of ways you can turn that into cash,” he said. For example, Social Security numbers and mailing addresses can be used to apply for credit cards or get around corporate antifraud measures.
This could explain why attackers have recently targeted U.S. health insurance providers. Last Tuesday, Premera Blue Cross disclosed that the personal details of 11 million customers had been exposed in a hack that was discovered in January. Last month, Anthem, another health insurance provider, said that 78.8 million customer and employee records were accessed in an attack.
Both attacks exposed similar data, including names, Social Security numbers, birth dates, telephone numbers, member identification numbers, email addresses and mailing addresses. In the Premera breach, medical claims information was also accessed.
If the attackers try to monetize this information, the payout could prove lucrative.
Credentials that include Social Security numbers can sell for a couple of hundred dollars since the data’s lifetime is much longer compared to pilfered credit card numbers, said Matt Little, vice president of product development at PKWARE, an encryption software company with clients that include health care providers. Credit card numbers, which go for a few dollars, tend to work only for a handful of days after being reported stolen.
Target Settles Security Breach
Target is reportedly close to paying out $10m to settle a class-action case that was filed after it was hacked and stripped of tens of millions of people’s details.
Target was smacked by hackers in 2013 in a massive cyber-thwack on its stores and servers that put some 70 million people’s personal information in harm’s way.
The hack has had massive repercussions. People are losing faith in industry and its ability to store their personal data, and the Target incident is a very good example of why people are right to worry.
As well as tarnishing Target’s reputation, the attack also led to a $162m gap in its financial spreadsheets.
The firm apologized to its punters when it revealed the hack, and chairman, CEO and president Gregg Steinhafel said he was sorry that they have had to “endure” such a thing.
Now, according to reports, Target is willing to fork out another $10m to put things right, offering the money as a proposed settlement in one of several class-action lawsuits the company is facing. If accepted, the settlement could see affected parties awarded some $10,000 for their troubles.
We have asked Target to either confirm or comment on this, and are waiting for a response. For now we have an official statement at Reuters to turn to. There we see Target spokeswoman Molly Snyder confirming that something is happening but not mentioning the 10 and six zeroes.
“We are pleased to see the process moving forward and look forward to its resolution,” she said.
Not available to comment, not that we asked, will be the firm’s CIO at the time of the hack. Thirty-year Target veteran Beth Jacob left her role in the aftermath of the attack, and a replacement was immediately sought.
“To ensure that Target is well positioned following the data breach we suffered last year, we are undertaking an overhaul of our information security and compliance structure and practices at Target,” said Steinhafel then.
“As a first step in this effort, Target will be conducting an external search for an interim CIO who can help guide Target through this transformation.”
“Transformational change” pro Bob DeRodes took on the role in May last year and immediately began saying the right things.
“I look forward to helping shape information technology and data security at Target in the days and months ahead,” he said.
“It is clear to me that Target is an organization that is committed to doing whatever it takes to do right by their guests.”
We would ask Steinhafel for his verdict on DeRodes so far and the $10m settlement, but would you believe it, he’s not at Target anymore either, having left in the summer last year with a reported $61m golden parachute.
IBM Debuts New Mainframe
IBM has started shipping the first of its all-new z13 mainframe computers.
IBM has high hopes the upgraded model will generate solid sales based not only on usual customer patterns but also on a design focus aimed at helping customers cope with expanding mobile usage, analysis of data, upgrading security and doing more “cloud” remote computing.
Mainframes are still a major part of the Systems and Technology Group at IBM, which overall contributed 10.8 percent of IBM’s total 2014 revenues of $92.8 billion. But the z Systems and their predecessors also generate revenue from software, leasing and maintenance and thus have a greater financial impact on IBM’s overall picture.
The new mainframe’s claim to fame is its use of simultaneous multi-threading (SMT) to execute two instruction streams (or threads) on a processor core, which delivers more throughput for Linux on z Systems and IBM z Integrated Information Processor (zIIP) eligible workloads.
There is also Single Instruction Multiple Data (SIMD), a vector processing model providing instruction-level parallelism, to speed workloads such as analytics and mathematical modeling. All this means COBOL 5.2 and PL/I 4.5 exploit SIMD and improved floating point enhancements to deliver improved performance over and above that provided by the faster processor.
Its on-chip cryptographic and compression coprocessors receive a performance boost, improving cryptographic performance on both general processors and the Integrated Facility for Linux (IFL) and allowing compression of more data, helping to save disk space and reducing data transfer time.
There is also a redesigned cache architecture, using eDRAM technology to provide twice as much second level cache and substantially more third and fourth level caches compared to the zEC12. Bigger and faster caches help to avoid untimely swaps and memory waits while maximising the throughput of concurrent workloads.
Tom McPherson, vice president of z System development, said that the new model was not just about microprocessors, though this model has many eight-core chips in it. Since everything has to be cooled by a combination of water and air, semiconductor scaling is slowing down, so “you have to get the value by optimizing.”
The first real numbers on how the z13 is selling won’t be public until comments are made in IBM’s first-quarter report, due out in mid-April, when a little more than three weeks’ worth of billings will flow into it.
The company’s fiscal fortunes have sagged, with mixed reviews from both analysts and the blogosphere. Much of that revolves around IBM’s lag in cloud services. IBM is positioning the mainframe as a prime cloud server, one of the systems that is actually what cloud computing goes to and runs on.
Intel Shows Off The Xeon SoC
Intel has announced details of its first Xeon system on chip (SoC), which will become the new Xeon D 1500 processor family.
Although it is being touted as a server, storage and compute applications chip at the “network edge”, word on the street is that it could be under the bonnet of robots during the next apocalypse.
The Xeon D SoCs use the more useful bits of the E3 and Atom SoCs along with 14nm Broadwell core architecture. The Xeon D chip is expected to bring 3.4x better performance per watt than previous Xeon chips.
Lisa Spelman, Intel’s general manager for the Data Centre Products Group, lifted the kimono on the eight-core 2GHz Xeon D 1540 and the four-core 2.2GHz Xeon D 1520, both running at 45W. It also features integrated I/O and networking to slot into microservers and appliances for networking and storage, the firm said.
The chips are also being touted for industrial automation and may see life powering robots on factory floors. Since simple robots can run on basic, low-power processors, there’s no reason why faster chips can’t be plugged into advanced robots for more complex tasks, according to Intel.
IBM Goes Bare Metal
IBM has announced the availability of OpenPower servers as part of the firm’s SoftLayer bare metal cloud offering.
OpenPower, a collaborative foundation run by IBM in conjunction with Google and Nvidia, offers a more open approach to IBM’s Power architecture, and a more liberal licence for the code, in return for shared wisdom from member organisations.
Working in conjunction with Tyan and Mellanox Technologies, both partners in the foundation, the bare metal servers are designed to help organisations easily and quickly extend infrastructure in a customized manner.
“The new OpenPower-based bare metal servers make it easy for users to take advantage of one of the industry’s most powerful and open server architectures,” said Sonny Fulkerson, CIO at SoftLayer.
“The offering allows SoftLayer to deliver a higher level of performance, predictability and dependability not always possible in virtualised cloud environments.”
Initially, servers will run Linux applications and will be based on the IBM Power8 architecture in the same mold as IBM Power system servers.
This will later expand to the Power ecosystem and then to independent software vendors that support Linux on Power application development, and are migrating applications from x86 to the Power architecture.
OpenPower servers are based on open source technology that extends right down to the silicon level, and can allow highly customised servers ranging from physical to cloud, or even hybrid.
Power systems are already installed in SoftLayer’s Dallas data centre, and there are plans to expand to data centres throughout the world. The system was first rolled out in 2014 as part of the Watson portfolio.
Prices will be announced when general availability arrives in the second quarter.
nVidia Fixes Linux Bug
Nvidia has fixed an ancient problem in Ubuntu systems which turned the screen into 40 shades of black.
The problem has been around for years and is common for anyone using Nvidia gear on Ubuntu systems.
When opening the window of a new application, the screen would go black or become transparent. As it turns out, this is actually an old problem and there are bug reports dating back to Ubuntu 12.10.
However, to be fair, it was not Nvidia’s fault. The problem was caused by Compiz, which had some leftover code from a port. Nvidia found it and proposed a fix.
“Our interpretation of the specification is that creating two GLX pixmaps pointing at the same drawable is not allowed, because it can lead to poorly defined behavior if the properties of both GLX drawables don’t match. Our driver prevents this, but Compiz appears to try to do this,” wrote NVIDIA’s Arthur Huillet.
Soon after that, a patch for Compiz was issued and approved. The patch is to be pushed in Ubuntu 15.04 and is likely to be backported to Ubuntu 14.04 LTS.
Qualcomm Goes Ultrasonic
Qualcomm has unveiled what it claims is the world’s first ‘ultrasonic’ fingerprint scanner, in a bid to improve mobile security and further boost Android’s chances in the enterprise space.
The Qualcomm Snapdragon Sense ID 3D Fingerprint technology debuted during the chipmaker’s Mobile World Congress (MWC) press conference on Monday.
The firm claimed that the new feature will outperform the fingerprint scanners found on smartphones such as the iPhone 6 and Galaxy S6.
Qualcomm also claimed that, as well as “better protecting user data”, the 3D ultrasonic imaging technology is much more accurate than capacitive solutions currently available, and is not hindered by greasy or sweaty fingers.
Sense ID offers a more “innovative and elegant” design for manufacturers, the firm said, owing to its ability to scan fingerprints through any material, be it glass, metal or sapphire.
This means, in theory, that future fingerprint sensors could be included directly into a smartphone’s display.
Derek Aberle, Qualcomm president, said: “This is another industry first for Qualcomm and has the potential to revolutionise mobile security.
“It’s also another step towards the end of the password, and could mean that you’ll never have to type in a password on your smartphone again.”
No specific details or partners have yet been announced, but Qualcomm said that the Sense ID technology will arrive in devices in the second half of 2015, when the firm’s next-generation Snapdragon 820 processor is also tipped to debut.
The firm didn’t reveal many details about this chip, except that it will feature Kryo 64-bit CPU tech and a new machine learning feature dubbed Zeroth.
Qualcomm also revealed more details about LTE-U during Monday’s press conference, confirming plans to extend LTE to unused spectrum using technology integrated in its latest small-cell solutions and RF transceivers for mobile devices.
“We face many challenges as demand for data constantly grows, and we think the best way to fix this is by taking advantage of unused spectrum,” said Aberle.
Finally, the chipmaker released details about a new partnership with Cyanogen, the open-source outfit responsible for the CyanogenMod operating system.
Qualcomm said that it will provide support for the best features and UI enhancements of CyanogenMod on Snapdragon processors, which will be available for the release of Qualcomm Reference Design in April.
The MWC announcements follow the launch of the ARM Cortex-based Snapdragon 620 and 618 chips last month, which promise to improve connectivity and user experience on high-end smartphones and tablets.
Aberle said that these chips will begin to show up in devices in mid to late 2015.
Uber Suffers A Data Breach
The names and license plate numbers of about 50,000 Uber drivers were exposed in a security breach last year, the company revealed on Friday.
Uber found out about a possible breach of its systems in September, and a subsequent investigation revealed an unauthorized third party had accessed one of its databases four months earlier, the company said.
The files accessed held the names and license plate numbers of about 50,000 current and former drivers, which Uber described as a “small percentage” of the total. About 21,000 of the affected drivers are in California. The company has several hundred thousand drivers altogether.
It’s in the process of notifying the affected drivers and advised them to monitor their credit reports for fraudulent transactions and accounts. It said it hadn’t received any reports yet of actual misuse of the data.
Uber will provide a year of free identity protection service to the affected drivers, it said, which has become fairly standard for such breaches.
The company said it had filed a “John Doe” lawsuit Friday to help it confirm the identity of the party responsible for the breach.
Can Android AT Work Entice The Enterprise?
March 9, 2015 by admin
Google Inc rolled out an initiative to make smartphones running its Android software more appealing to corporations, a move that could help extend the Internet technology giant’s reach into workplaces.
Google said on its official blog that its Android for Work program will provide improved security and management features for corporations that want to give their employees Android smartphones. Smartphones supported by the new initiative will be able to keep an employee’s work and personal apps separate, and a special Android for Work app will allow businesses to oversee key tools such as email, calendar and contacts.
Google said it is partnering with more than two dozen companies including Blackberry Ltd, Citrix Systems Inc and Box Inc.
Google’s Android software is the world’s most popular mobile operating system, but many corporations, which have significant security and device management requirements, give their employees smartphones made by Blackberry or Apple Inc.
Microsoft Cuts The Darkside
March 4, 2015 by admin
The security of the employees of Phantom Dust developer Darkside Game Studios is in doubt, after Microsoft decided to sever all professional ties to the studio.
Phantom Dust is a remake of an Xbox game from 2004, which was designed by Yukio Futatsugi, the creator of Panzer Dragoon. Darkside’s project was unveiled at E3 last year as an exclusive title for the Xbox One, but whatever agreement existed between the studio and Microsoft has been terminated.
Here’s the official line: “Microsoft partnered with Darkside Game Studios in the development of Phantom Dust, but our working relationship has now ended. We have great respect for their studio and their work in the industry.
“While we do not have anything new to share on Phantom Dust at this time, we can confirm that development of the title continues. We look forward to sharing more details on the game as we get closer to release.”
Darkside, which is based in Florida, has contributed to the development of a host of major releases, including a couple of Xbox exclusives: Sunset Overdrive, Gears of War: Judgment, the Borderlands franchise, the Bioshock franchise; it’s a solid track record, albeit entirely composed of contract work, and Phantom Dust was to be its first solo project.
However, the “respect” Microsoft has for that track record is now the subject of suspicion, with several sources from within Darkside claiming that the company has been forced to lay off its entire staff – around 50 people.
“The executives who saw it were impressed and as late as this morning gave our team every indication that the project was on solid ground,” one of the sources said to Kotaku. “Yet we got the phone call today that someone up on high who in all likelihood wasn’t even aware of the game in detail shut it down.”
The notion that the alleged termination of Darkside’s working relationship with Microsoft was sudden is reinforced by the studio’s recruitment page, which advertised six open positions as recently as the start of January. Among the perks listed there, one stands out: “Working with major publishers.”
Microsoft offered no comment on the situation at Darkside, but we are pursuing the studio’s management for clarification.